Automatically publish to PyPI and to Github

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>

Author: abompard

.github/workflows/main.yml

@@ -0,0 +1,121 @@
+on:
+  push:
+  pull_request:
+
+name: Tests & Release
+
+jobs:
+  tests-misc:
+    name: Misc tests
+    runs-on: ubuntu-latest
+    container: fedorapython/fedora-python-tox:latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Install dependencies
+        run: |
+          dnf install -y git tox
+          pip install poetry>=1.2
+      - name: Mark the working directory as safe for Git
+        run: git config --global --add safe.directory $PWD
+      - name: Run tests
+        run: tox -e ${{ matrix.tox_env }}
+    strategy:
+      matrix:
+        tox_env:
+          - lint
+          - format
+
+  tests-unit:
+    name: Unit tests
+    runs-on: ubuntu-latest
+    container: fedorapython/fedora-python-tox:latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Install dependencies
+        run: |
+          dnf install -y git tox
+          pip install poetry>=1.2
+      - name: Mark the working directory as safe for Git
+        run: git config --global --add safe.directory $PWD
+      - name: Run tests
+        run: tox -e ${{ matrix.tox_env }},diff-cover
+    strategy:
+      matrix:
+        tox_env:
+          - py38
+          - py39
+          - py310
+          - py311
+
+  # https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/
+  build:
+    name: Build distribution 📦
+    runs-on: ubuntu-latest
+    needs:
+      - tests-unit
+      - tests-misc
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: "3.x"
+      - name: Install pypa/build
+        run: python3 -m pip install build --user
+      - name: Build a binary wheel and a source tarball
+        run: python3 -m build
+      - name: Store the distribution packages
+        uses: actions/upload-artifact@v3
+        with:
+          name: python-package-distributions
+          path: dist/
+
+  publish-to-pypi:
+    name: Publish to PyPI 🚀
+    if: startsWith(github.ref, 'refs/tags/') && !contains(github.ref, 'rc')  # only publish to PyPI on final tag pushes
+    needs:
+      - build
+    runs-on: ubuntu-latest
+    environment:
+      name: pypi
+      url: https://pypi.org/p/bugzilla2fedmsg-schema
+    permissions:
+      id-token: write  # IMPORTANT: mandatory for trusted publishing
+    steps:
+      - name: Download all the dists
+        uses: actions/download-artifact@v3
+        with:
+          name: python-package-distributions
+          path: dist/
+      - name: Publish distribution to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+
+  github-release:
+    name: Create a GitHub Release 📢
+    needs:
+      - publish-to-pypi
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: write  # IMPORTANT: mandatory for making GitHub Releases
+      id-token: write  # IMPORTANT: mandatory for sigstore
+
+    steps:
+      - name: Download all the dists
+        uses: actions/download-artifact@v3
+        with:
+          name: python-package-distributions
+          path: dist/
+      - name: Sign the dists with Sigstore
+        uses: sigstore/gh-action-sigstore-python@v2.1.0
+        with:
+          inputs: >-
+            ./dist/*.tar.gz
+            ./dist/*.whl
+      - name: Release
+        uses: softprops/action-gh-release@v1
+        with:
+          draft: true
+          files: dist/*
+          fail_on_unmatched_files: true
+          generate_release_notes: true